- Security problems inherent in the smart grid, Scientific American
- Analyzing CAPTCHAs, Schneier on Security
- MySQL update addresses DoS vulnerability, The H
- Security updates for PostgreSQL, The H
- Reader, Acrobat patches plug 23 security holes, Krebs on Security
- Facebook, Twitter used in stock fraud schemes, ReadWriteWeb
- FCC may confront ISPs over botnets, malware, Krebs on Security
- Schneier on Stuxnet, Schneier on Security
- EU agency report on Stuxnet, The Register
- Foxit patches PDF software flaws, Zero Day
- Spammers use soft hyphen to hide malicious URLs, Slashdot
- Oracle update delivers 81 database security fixes, Zero Day
Quick Security Alerts for the Week Ending 10/3/2010
- Google warning Gmail users on spying from China, Slashdot
- Twitter hit by another worm, The Register
- Potentially crippling vulnerability identified in Zeus botnet, The Register
- More on Stuxnet infections at Iranian nuclear facilities, Ars Technica
- Stuxnet can re-infect PCs even after disinfection, The Register
- New clues about the origin of Stuxnet, Zero Day
- Attack on LinkedIn using fake contact requests, Slashdot
- Microsoft ships emergency patch for ASP.NET vulnerability, Zero Day
- Spamhaus debuts whitelist service, The Register
- Largest simulated cyber attack to date, Slashdot
- Critical security patches in PDF Reader, Zero Day
- Pirate Bay user database exploited by spammers, TorrentFreak
- Exploits propagated via social media increase, Slashdot
Quick Security Alerts for the Week Ending 9/26/2010
- Stuxnet worm infected industrial control systems, Slashdot
- Stuxnet worm may have targeted Iranian reactor, Slashdot
- Another story speculating about Stuxnet’s Iranian targets, Yahoo, HT Charles
- More on the sophistication of the Stuxnet worm, Schneier on Security
- Microsoft confirms ASP.NET vulnerability, Zero Day
- Microsoft provides temporary fix for ASP.NET flaw, The Register
- Exploit of latest privilege escalation flaw in Linux kernel, Slashdot
- More details on recent Linux kernel flaws, The H
- Google Apps adopts optional two-factor authentication, ReadWriteWeb
- Security fix for critical Adobe Flash flaw, Krebs on Security
- Apple plugs info leak in OS X, Zero Day
- Fake iPhone jail-breaking tool packed with malware, Zero Day
- Twitter hit by security flaw, ReadWriteWeb
- More on highly visible Twitter security flaw, ReadWriteWeb
- Australian student responsible for Twitter exploit, Slashdot
- Hole closed in bzip2 compression tool, The H
- Are desktop firewalls overkill?, Slashdot
- New defense against DDoS attacks, Technology Review
- Security lessons learned from Diaspora launch, Slashdot
Security Alerts for the Week Ending 9/5/2010
- Commercial quantum crypto thoroughly hacked with lasers, Slashdot
- Microsoft fix for DLL vulnerability, Krebs on Security
- Microsoft tool for DLL vulnerability interferes with some applications, The H
- QuickTime flaw allows remote execution attack, The Register
- Twitter moves completely to OAuth for 3rd party apps, Web Monkey
- Fake Tweetdeck update prompts Twitter to reset passwords of compromised accounts, The Register
- Critical vulnerabilities in RealPlayer, Zero Day
- Google’s project hosting service used to host malware, Zero Day
- Questions about the security of Twitter’s OAuth implementation, Ars Technica
- Security patches for Chrome on its 2nd birthday, Zero Day
- Apple patches iTunes security flaws, Zero Day
- New malware imitates browser warning pages, Slashdot
- Data stealing bug in MSIE 8, Slashdot
feeds | grep links > PHP on Android, Shoring Up 4th Amendment Protection of Email, and More
- PHP coming to Android
The Register characterizes this as an option for developers who are no fans of Java or whose apps may not benefit from the native code support. They do point out that this is an addition to a pretty good set of languages already supported by Android’s scripting framework. I see this as part of the trajectory of greater inclusion, of a piece with yesterday’s announcement of an Android port of CouchDB.
- Reversal for the better on 4th Amendment protection of email
Paul Ohm at Freedom to Tinker has a short post explaining both the original ruling, in the 11th Circuit, that stomped on any 4th Amendment protections for email and this latest development. The court vacated that original ruling and has issued a new one that doesn’t assume the expectation of privacy is forfeit when storing email with a third party service.
- Firefox 4 second beta coming next week
- More details on Twitter’s BitTorrent based code deployment
- More mixed rulings on online anonymity
Security Alerts for the Week Ending 7/4/2010
- Securing WordPress based on hard won, 1st hand experience
- New Twitter phishing attack
- New Microsoft Messenger has same security flaws as the old
- 22 million SSL certs in use are invalid
- Kraken botnet returns from the dustbin
- Adobe pushes out emergency fixes for Reader
- Qualitative differences in crypto and data usage
- White hat demonstrates Foursquare privacy hole capturing hundreds of thousands of logins
- Hack AT&T voice mail with Android
- Regular domains have more malware than porn sites
- Detection of suspicious logins extended to Google Apps
- Facebook apps must now seek user permission to access their data
- Replacing static CAPTCHAs with animation
- Top apps fail to utilize security features in Windows
- 50 arrested in spyware dragnet
- New Opera version includes malware protection
feeds | grep links > Open Skype SDK, New Release of Eclipse, iOS 4 Jail Broken, and More
- Skype releases an SDK, it may be open
Ryan Paul has the details at Ars. The beta for using the SDK is closed at the moment, so I am guessing speculation about the SDK being open in some way has to do with it only being available on Linux. Nothing on the Skype site for the SDK mentions an open license. What I do find interesting, and what prodded me to finally remark on this, is that the SILK codec is available royalty free. I count myself among many who stick with Skype, despite it being proprietary, for the very high audio quality SILK provides.
- New release of Eclipse IDE and associated tools
I stopped using Eclipse a few weeks back because I was getting bogged down by its idiotic insistence on continually re-compiling my project. I suspect this is very peculiar to a large Java project using Maven, not to Eclipse itself. As Ryan Paul explains at Ars, this latest, on-time release gives developers more tools, for more languages and targets, increasing Eclipse’s scope as well as its features.
- Mozilla committed to web standards over native code
This Register piece actually ranges over much of the plans for the forthcoming releases of the Firefox browser, not just the rationale for not embracing native code and plugins the way Google has with Chrome. This is one of the reasons I am still a devoted Firefox user, despite claims it is bloated or that it is being out-innovated by Chrome. Mozilla strives harder to make a contribution of greater value to everyone on the web, not just their own browser, users or services.
- iOS 4 jail broken
Sarah Perez has the details at RWW. The break works on 3G phones and 2nd generation Touches. It will be interesting to see if this helps prove out the rumor that over-the-air updates in iOS 4 are designed to detect and disable service on jail broken devices. I am also interested in seeing how fast the mod community can mow down the new hardware, the iPhone 4. I don’t expect it to take long, once hackers can actually lay hands on the devices.
- More research into implications of stronger copyright on digital content
- More ideas, details on Google’s dedication to speeding up the web
- Twitter gets warning, settles with FTC over last year’s data breaches
- Latest IE9 preview makes strides in performance, compatibility
Quick Security Alerts for the Week Ending 5/16/2010
- Unpatched drive-by download flaw in Apple Safari
- Critical code execution flaw in Safari
- Facebook fixes IP address leak
- Twitter bug lets users force others to follow them
- Gaping security hole found in Drupal
- MS plugs several worm holes
- Adobe fixes Shockwave vulnerabilities
- How to bypass iPhone lock code
- Microsoft’s MSE safe from AV bypassing attack
- DIY Twitter controlled botnets
- Facebook rolls out new login feature
- Researchers examine computer vulnerabilities in cars
- Removal of phishing servers is accelerating
Bogus DMCA Takedown against a Single Tweet
Mike Masnick at Techdirt has both the details and a good analysis. The tweet in question was posted by a music blogger, JP, and linked to a post on his blog. The tweet itself didn’t infringe or directly link to infringing material. That didn’t stop some rights holder from targeting Twitter, specifically, and the social messaging service from rolling over.
As Masnick explains, the post on JP’s blog links to a couple of files that may be infringing. At most that post on his blog should be the target of a takedown, not his tweet. Undoubtedly, like many takedowns, some lawyer fired this off with little thought or investigation. This is an excellent example of the problematic asymmetry in costs inherent in the DMCA takedown system. Without any burden on the issuer, the calculus inevitably leads to firing off a demand letter even when the intent isn’t prior restraint on speech. This could be a legitimate mistake stemming from simple ignorance, but a small amount of friction might have correctly preempted it.
Worst is the cost of countering a DMCA takedown, especially for a fast moving service like Twitter. The normal delays in dealing with a counter claim hardly make it worth the effort. Who is going to be interested in a tweet restored from two weeks back? I dearly hope this isn’t the head end of a new trend to use searches that work with social streams to spot words like “leak” and indiscriminately issue takedowns.
More on the Library of Congress Twitter Archive
Nate Anderson at Ars spoke with Martha Anderson, the director of the National Digital Information Infrastructure and Preservation Program at the Library. She explains that the move to archive Twitter’s public timeline was initiated by Twitter which makes a lot more sense out of the idea. She expresses more enthusiasm for the project than I would have inferred from it being pushed by the social message service.
I can see her point about capturing a change in communications as it happens. I will be curious to see if Twitter and social messaging as a whole remain an abiding change like print, radio and television. I wonder if it is too early to make this call, but given the storage capacity mentioned in the article, the cost of finding out is minimal. I hope the other associated costs are minimal; there are good reasons to think so. I am glad that the archive will be using existing capacity, no doubt a big reason why the Library agreed in the first place.
Nate paints some interesting scenarios, too, to help explain the project. I guess he has a point about the archive as a supplemental resource. It is time coded and increasingly will be geocoded making it easier to correlate to more in-depth materials. As such, I think he may be right about it giving a social color to events of the day that may be otherwise lacking in the digital record.
I would suggest they look at the Internet Archive to help with the short link issue. Think about it: even expanding a short link and capturing the canonical URL now could lead to a broken link years from now, or worse, a site that no longer matches the message from which it was linked. Converting short links through their expanded form and then to a pointer into a snapshot in the Wayback Machine makes great sense to better solve both those problems.
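One way to carry out the conversion suggested above, as an added example and not code from the original post or from the Library: expand the short link through its redirect chain, canonicalize the result, and build a Wayback Machine pointer pinned to the tweet's timestamp, so that a later retargeting of the short link or a changed site is not what an archive reader sees. The redirect table and the tweet time are constructed so the code runs offline; a live implementation would follow the Location header of HEAD requests at each hop instead.

```python
from datetime import datetime, timezone
from urllib.parse import urljoin, urlsplit, urlunsplit

# Constructed redirect table standing in for live HTTP 30x responses; it
# includes a relative Location header and a redirect loop so both paths run.
REDIRECTS = {
    "http://t.co/abc123": "http://bit.ly/xyz789",
    "http://bit.ly/xyz789": "https://Example.org/blog/leak-roundup#comments",
    "http://bit.ly/rel": "/blog/relative",
    "http://bit.ly/loop1": "http://bit.ly/loop2",
    "http://bit.ly/loop2": "http://bit.ly/loop1",
}

# Constructed timestamp of the tweet that carried the short link.
TWEET_POSTED_AT = datetime(2010, 5, 1, 12, 0, tzinfo=timezone.utc)


def expand(url, max_hops=10):
    """Follow the redirect chain to its final target.

    Each hop is resolved with urljoin so a relative Location works; a loop
    or an over-long chain raises instead of spinning forever."""
    seen = []
    while url in REDIRECTS:
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        if len(seen) >= max_hops:
            raise ValueError("too many redirects")
        seen.append(url)
        url = urljoin(url, REDIRECTS[url])
    return url


def canonicalize(url):
    """Lower-case scheme and host, drop the fragment, default an empty path."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def wayback_pointer(short_url, posted_at):
    """Expanded, canonical target pinned to the Wayback Machine snapshot
    nearest the tweet's time (the archive serves the closest capture)."""
    final = canonicalize(expand(short_url))
    stamp = posted_at.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S")
    return f"https://web.archive.org/web/{stamp}/{final}"


def demo():
    return wayback_pointer("http://t.co/abc123", TWEET_POSTED_AT)
```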